GL-INet and backdoors?

Hey there,

don’t want to start some flame war, but I saw this topic and have questions on it. What is the end of the story? It’s rather strange that it ends without any comment of the official site anymore.

Does nobody reproduced such behavior?


My local Gl-Inet router are all tripple NAT, behind a Mainrouter and in a LAN with an OPNsense instance.
I don own the computing power to perform a 24/7 check, but my systems rarely complaining about a GL-Inet device. And if so, the traffic was always originated by an endpoint, not the router.

I am using part-time Rapid7 InsightVM. I have a snort instance with highly customized filters (no Windows detection, because I don’t own a windows) and shortly I started a Kali based Zeek (Suricata will follow) …
I do think something would pop up at some time. Even if I am only a hobbyist, I am not a network expert.

I could not confirm the observations from the post and I don’t see the mentioned proof. But I have it read all 42 answers.

There’s no flaming to be had here, my guy.

That thread is a sh!tshow. You had one chucklehead who doesn’t even know how to screencap, never mind read or get the logs, post histrionics. In all likelihood his client devices are riddled with malware/trackers.

So far I’m only seeing suspicions in the first post, but up to now, nobody has been able to reproduce this issue.

Only one person ITT, as far I could see, had the sense to packet sniff:


Like Hell you don’t: :wink:

:yawning_face: This was very long post to read before going to bed! :yawning_face:

Anyway, the guy has a claim without a proof. I believe most GL devices have stock openwrt (except the newer ones like Spitz AX). Paranoid customers can choose the stock one and that’s it.

I own a Firewalla, and I use GLI net routers as my access point. If the access point send any kind of traffic, malicious in nature, I would have seen it in my logs. I’ve been running routers for years. I’ve never seen anything wrong.

In the last 24hrs, all it’s done is ask for time, on port 123

that’s shot too fast, as I mean. Just wondering, why there was no official answer from GLiNet. Smth like “We still didn’t get the logs”, or “the logs show this and that”. But, yes, as it seems, nobody could somehow reproduce it.

We’ll have to agree to disagree here; I’ve been doing this for, well, let’s just say more than a while/more than I care to admit. Filtering the noise from the signal is the first thing in all troubleshooting. < / waxes poetic >

Exactly. GL’s repos are on GitHub yet none of those muppets thought to point to/inquire w/ others how to highlight the supposed code that is alleged to do all this nefarious activity… seriously? Like I said only one person ITT had the sense to packet sniff.

@alzhao was in that thread & addressed it. It may not be to everyone’s supposed ‘satisfaction’ but why bother given it basically boils down to bleating OMGZ! China BAD!? Alzhao called it for more diplomatically than I when he requested logs.

It’s like giving serious credence to those wilfully ignorant, luddite chucklehvcks screeching 5G == cancer.

Evidence or GTFO.

Now excuse me as I go check out this UFO just that landed in my backyard in the middle of a bustling metropolis.

ok, concerning the ‘evidence’, in touch of sociology and society criticism, I have very much problems with that religion on ‘evidence’. But that just in general.

In that special case I also missing some infos about the logs and other people which tried to reproduce the behavior. As it seems, they both don’t exist.

Did you even read the entire post you shared here?! Of course, there were multiple replies by GL employees and they said exactly what you mentioned!

Note: I spent an hour reading the entire Openwrt post you shared - claims without a shred of evidence!

1 Like

< ahem > Your thinking appears muddled. Evidence is antithetical to religion. Not everyone who speaks is worth hearing as any assh— can make a claim.

I don’t think there’s much to be accomplished further ITT. @SpitzAX3000 summarizes it nicely.

I read the whole post, yes. But the end of the post is NOT the answer that there were still no logs or what these logs show. It was just closed. That’s why the question here.

it’s off topic, but no, ‘evidence’ is NOT antithetical to religion. I suppose you didn’t know about the sociology and the society criticism. Evidence is always made by might structures within the society and NOT by somehow truth seeking scientists. Evidence is always a creation of processes based on seeking for might and social ‘credits’. It’s not my opinion, it’s about 70 years of sociology. Science was never there for making some 'facts. It’s all about making research designs, operationalization and economical and political interests. So I mean, it’s not scientific to put ‘evidence’ to the throne of some fact supplier.

I’m in topic in that as in the IT :wink: but let us not discuss it here :smiley:

back to topic:
I just wanted to know, if GliNet got these log files or if somebody tried to reproduce such behavior

That which can be asserted without evidence, can be dismissed without evidence.
― Christopher Hitchens, aka Hitchen’s Razor

Science is an attempt, largely successful, to understand the world, to get a grip on things, to get hold of ourselves, to steer a safe course. Microbiology and meteorology now explain what only a few centuries ago was considered sufficient cause to burn women to death. ― C. Sagan, The Demon-Haunted World: Science as a Candle in the Dark (1996)

Evidence is always made by might structures within the society and NOT by somehow truth seeking scientists.

Post-modernist detected. Shouldn’t you be asking for my pronouns?

sorry, it has nothing to do just with the post-modernism, it has to do with the basics of sociology. It’s just the reality of the science, which acts NOT in an abstract world of truth-seekers and world-understanders, but in the social structures with all that kind of stuff, I mentioned above. These are rather banal insights of modern (not even post-modern) society analysis.

So I just want to say: evidence is NOT the throne of scientifical fact (or smth nearly like that). It’s a very complicated process of social creation. If you say, no it’s not. It would be kinda crazy, sorry. The idea of science is not separated from the politics, economy and such aspiration to power, if you want to understand it in it’s reality and not in the idea ‘standing for itself in separated kind of room’.

As it seems, we dive deep into off topic. So maybe it makes sense to close this thread. For I’d be still interested in the official answer to the “logs or not logs”. I think that would nail this rumour about backdoors.

1 Like

The idea of science is not separated from the politics, economy and such aspiration to power, if you want to understand it in it’s reality and not in the idea ‘standing for itself in separated kind of room’.

Non sequitur. Disregarded.

My guy, sociology isn’t a science. It has no predictive power.

:smiley: sorry, it’s rather ridiculous to talk in IT forum about what is science and what is not science. But as it seems, it’s a good trigger point. Good night, the pride of scientifical science of all scientifical sciences! Maybe you find some the only ‘predictive power’ in the church, which is closely to such understanding of ‘science’. So, good night.

@Mods, sorry for off topic, just couldn’t resist to discuss a little bit with such unilateral view. Didn’t expect it in the GliNet forum :smiley:


… he posts, oblivious to the fact of these correspondences are only possible by the multitude of layers ― standing on the shoulders of giants, if you will ― of applied knowledge made manifest known as technology… all which are fundamentally, foundationally, founded on manipulating matter at the sub-atomic level, that science.

Then he’ll walk pass a light switch.


I don’t comment a lot on such topics. It seems not so necessary for me.

But a simple reply to your questions:

We don’t have backdoors.


I understand it, but I think it’s necessary for the customers. Past times show that trusted organisations were not so trusted at the end. That’s why I thought it would be clearer to finish the story with some infos about getting or not getting the logs.

The story was also about DNS issues, which can not just called ‘backdoors’.

The dns on the router is not configured by default. The router use the dns it get from the wan (or repeater) connections, which is generally your ISP dns servers.

If you don’t want your ISP log you, you can also set up 3rd party encrypted dns servers. If you still don’t trust these dns servers, set up your own dns server.

1 Like

sure, I’m just talking about the supposed leaks mentioned in the thread above.